Hosted OpenID Connect & OAuth 2.0 server

Do you want to enjoy all the benefits of having your own Connect2id server, but without having to worry about deployment and operation?

Check out our new service where you can subscribe for a fully hosted and managed Connect2id server, for providing highly-available single sign-on, identity and API access management to your applications.

Sign up / Log in

OpenID Connect Login

Your OpenID Connect and OAuth 2.0 server

Issue OpenID and OAuth tokens to facilitate single sign-on, identity provision and access to web APIs and other protected resources.

Identity federation

Federate identities

Federate identities from trusted providers and organisations as as well as social logins such as as Google, Twitter and Facebook.

User database

Your user data stays with you

You can use your own existing user stores. The Connect2id server does not require access to user credentials, which is good for security.

Identity federation

Bring your own policies

You are free to devise your own login and authorisation rules, and script them in any language. They can be kept on your own servers.

World zones

High availability, in a region of your choice

You get a Connect2id server cluster for high availability, in a AWS data centre of your choice for quick and low-latency access from your applications.

World zones

Collect identity events and metrics

Collect key identity events and metrics in real time, for logging, audit and business intelligence purposes.


€ 299 € 599 Contact us
Up to 10 000
monthly active users
Up to 20 000
monthly active users
monthly active users
2 instances in a load-balanced cluster 2 instances in a load-balanced cluster Up to 4 instances in a load-balanced cluster
Data encryption at rest Data encryption at rest Data encryption at rest
Subdomain name with SSL Subdomain name with SSL Subdomain name with SSL
Email support Email support Email support

Billing is on a monthly basis. The prices are exclusive of European Union VAT (not applicable to subscribers outside the EU).

Sign up / Log in

Frequently asked questions

1. Is there a free plan?

No, but you can try out the service for 14 days (no credit card required).

2. Where is my Connect2id server going to be hosted?

In the Amazon cloud (AWS).

3. Which AWS regions are available?

You can choose to have your Connect2id server cluster deployed in any one of the 16 EC2 regions, in North and South America, Europe, Asia and the Pacific.

4. Which Connect2id server version am I going to get?

Typically the latest stable version of the Connect2id server. Upgrades will be handled by us, transparently to you and with zero service downtime.

5. How can I configure my hosted Connect2id server?

  • With the help of a wizard in the admin console. The JWK set and master tokens will be generated automatically for you in the console.

  • By pasting the entire configuration as Java properties, including the JWK set, into the admin console.

We're also working on providing a web API for configuring your hosted Connect2id server.

6. Which OAuth 2.0 grant types are supported?

The hosted Connect2id server is built to enable handling of the following OAuth grant types:

  • Authorisation code and implicit -- The browser-based flows are handled via the authorisation session API (also see the login page guide).

  • Resource owner password credentials -- Via a web hook that delegates validation of the submitted username and password to an external service.

  • Client credentials -- Via a simple handler that bounds the scope of the issued token to those scope values set in the client's registration.

Web based hooks for handling JWT and SAML 2.0 bearer assertion grants will be provided at a later stage.

7. Which OpenID claims sources are supported?

The hosted Connect2id server build includes two connectors for sourcing OpenID claims (attributes) about end users:

  • LDAP -- To retrieve claims from a Microsoft Active Directory and other LDAP v3 compatible directory servers.

  • HTTP endpoint -- A web hook for retrieving the claims from an external service.

8. Which OAuth client authentication methods are supported

All client authentication methods supported by the on-premise Connect2id server, save for self_signed_tls_client_auth (until client X.509 certificates become supported by Amazon's ELB, or a viable work around is found).

9. What support is included in the subscription?

Basic email support with configuration. If there's sufficient demand we may consider offering more comprehensive support plans, similar to those for the licensed on-premise Connect2id server.

10. What is the billing cycle?

Usage is billed every month, according to the number of active users for the period.

11. How are active users counted?

By counting the unique subject identifiers (end-user identities) in issued ID and access tokens during the billing period.

12. Do you issue VAT invoices?

Yes, we do, if the billed entity is located in the EU.